Web


Nmap discovered a web server on target port 80.

┌──(kali㉿kali)-[~/archive/htb/labs/caption]
└─$ curl -I http://$IP/    
HTTP/1.1 301 Moved Permanently
content-length: 0
location: http://caption.htb

The server returns a 301 redirect to a domain: caption.htb

The domain has been appended to the /etc/hosts file on Kali for local DNS resolution.

Webroot: it's a login page.

Wappalyzer identified the technologies involved: it's a Flask application.

Fuzzing


┌──(kali㉿kali)-[~/archive/htb/labs/caption]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -t 200 -u http://caption.htb/FUZZ -ic 
________________________________________________
 :: Method           : GET
 :: URL              : http://caption.htb/FUZZ
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-big.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________
                        [Status: 200, Size: 4412, Words: 503, Lines: 208, Duration: 62ms]
download                [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 74ms]
home                    [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 92ms]
Download                [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 72ms]
logout                  [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 165ms]
firewalls               [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 237ms]
logs                    [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 44ms]
DOWNLOAD                [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 125ms]
firewalls-faq           [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 625ms]
firewalls_ranum         [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1101ms]
DownLoad                [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 77ms]
firewallsecurityshareware [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 820ms]
firewalls_enough        [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 763ms]
firewalls1              [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 606ms]
LOGS                    [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 74ms]
firewallsteganos        [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 586ms]
firewalls-policy        [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 3645ms]
firewalls-2004          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 2107ms]
firewalls-2003          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1927ms]
firewalls-2006          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 502ms]
firewallservices        [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 447ms]
Logs                    [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 46ms]
firewallsvr             [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 321ms]
firewalls_torn          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 392ms]
firewalls-faq2          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 905ms]
firewalls-faq3          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1726ms]
firewalls-faq4          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1726ms]
firewalls-book          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 812ms]
firewalls-faq1          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 851ms]
firewalls_article-7479  [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 744ms]
firewalls_torn-es       [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 803ms]
firewalls97_participant [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1146ms]
firewalls97_extras2     [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1146ms]
firewalls3              [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 836ms]
firewalls2              [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 2671ms]
firewalls-icon          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1092ms]
firewalls-concepts      [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 710ms]
firewalls-ipf           [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1594ms]
firewalls-apps          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1612ms]
firewalls-pf            [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1617ms]
firewalls-ipfw          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 1601ms]
:: Progress: [1273819/1273819] :: Job [1/1] :: 248 req/sec :: Duration: [1:45:01] :: Errors: 0 ::
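
Added example (not part of the original notes): a short Python triage script that groups the ffuf hits above by response fingerprint (status, size, words, lines) and folds case variants and shared-prefix names together, showing that the long result list reduces to a few distinct behaviours. The function names and the prefix-folding heuristic are assumptions of this example; the sample lines are a subset of the output above.

```python
import re
from collections import defaultdict

# Subset of the ffuf result lines from the run above (embedded so this runs offline).
SAMPLE = """\
                        [Status: 200, Size: 4412, Words: 503, Lines: 208, Duration: 62ms]
download                [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 74ms]
home                    [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 92ms]
Download                [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 72ms]
logout                  [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 165ms]
firewalls               [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 237ms]
logs                    [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 44ms]
firewalls-faq           [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 625ms]
firewallsecurityshareware [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 820ms]
LOGS                    [Status: 403, Size: 94, Words: 6, Lines: 5, Duration: 74ms]
firewalls-2004          [Status: 302, Size: 189, Words: 18, Lines: 6, Duration: 2107ms]
"""

LINE_RE = re.compile(
    r"^(?P<path>\S*)\s*\[Status: (?P<status>\d+), Size: (?P<size>\d+), "
    r"Words: (?P<words>\d+), Lines: (?P<lines>\d+), Duration: \d+ms\]$"
)

def parse(text):
    """Return (path, (status, size, words, lines)) for every ffuf result line."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # banner, config and progress lines do not match and are skipped
            fp = tuple(int(m[k]) for k in ("status", "size", "words", "lines"))
            hits.append((m["path"], fp))
    return hits

def summarize(text):
    """Map fingerprint -> {root path: hit count}, folding case and shared prefixes."""
    groups = defaultdict(list)
    for path, fp in parse(text):
        groups[fp].append(path.lower())
    out = {}
    for fp, paths in groups.items():
        roots = {}
        for p in sorted(paths):  # a shorter prefix sorts before its extensions
            # Heuristic: same fingerprint + shared prefix => count under the prefix.
            root = next((r for r in roots if r and p.startswith(r)), p)
            roots[root] = roots.get(root, 0) + 1
        out[fp] = roots
    return out

if __name__ == "__main__":
    for fp, roots in summarize(SAMPLE).items():
        print(fp, roots)
```

The prefix folding is only a grouping aid: two unrelated routes that share a prefix and a fingerprint would also be merged, so each root still needs a manual look.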

Virtual Host / Sub-domain Discovery


┌──(kali㉿kali)-[~/archive/htb/labs/caption]
└─$ ffuf -c -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http://$IP/ -H 'Host: FUZZ.caption.htb' -ic -mc all -fc 301
________________________________________________
 :: Method           : GET
 :: URL              : http://10.129.186.48/
 :: Wordlist         : FUZZ: /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt
 :: Header           : Host: FUZZ.caption.htb
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 40
 :: Matcher          : Response status: all
 :: Filter           : Response status: 301
________________________________________________
:: Progress: [114437/114437] :: Job [1/1] :: 781 req/sec :: Duration: [0:03:20] :: Errors: 0 ::

N/A: no virtual hosts or sub-domains were discovered.